stackoom
  简体   繁体   中英

Will the mac prompt the user again to allow access to the keychain after updating the app?

 原文  2018-10-08 15:39:44       objective-c/ macos/ security/ prompt/ keychain

Question

I've noticed something somewhat strange when I ran the Xcode build of my app and then launch the app store build. If I run the xcode build (using development certificates), then run my app through the app store (using production certificates) I get prompted with the following dialog box

MyApp want to use your confidential information stored in "com.myApp in the keychain.

I also get this dialog when I run the app store build first, then the Xcode development build. I believe this dialog appears because both builds have different certificates (could be wrong).

My biggest concern is the user updates the app, will the user see this dialog?

Not sure if this is important, but this is how I save data to the keychain. 

 [[A0SimpleKeychain keychain] setString:string forKey:@"key"];

1 answers

solution1
 5 ACCPTED  2018-10-11 04:59:48

Apple's code signing guide has the answers.

I believe this dialog appears because both builds have different certificates

Correct. See Understanding the Code Signature :

The most important internal requirement is the designated requirement, or DR. This rule tells an evaluating system how to identify a particular piece of code. Any two pieces of code that have (and successfully verify against) the same DR are considered to be the same code.

...

Some parts of macOS do not care about the identity of the signer. They care only whether the app is validly signed and stable. Stability is determined through the DR, and does not depend on the nature of the certificate authority used. The keychain system and parental controls are examples of such usage.

From Code Signing Tasks :

Shipping and Updating Your Product

The user's system considers the new version of your product to be the same program as the previous version. For example, Keychain Services does not distinguish older and newer versions of your program as long as both are signed and the unique Identifier remains constant.

Signing your code with a different certificate makes the system consider it a different app. As long as you sign your releases with the same certificate between versions, you will be fine.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is there a way to use Touch ID with the iOS Keychain but not prompt for the user passcode? Cannot access keychain item after SMJobBless update Keychain access control from the app with different names Comparing time in iOS to allow user to post again Invoking access prompt and show it to the user Returning “0” everytime when fetching keychain saved passcode from keychain access for ios app Access Keychain values stored by ExpoSecureStore from a Flutter app [iOS] Mac: lock user into app Values that I Put in Keychain Can Be Saved After app is updated? Can we add keychain access group entitlements in CommandLine application for Mac OSX?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM